Subject: EasySaml - SP.InitiateSingleSignOn second call issue
Date: 2020-07-16 13:00:31
From: swl
Source: easysaml-sp-initiatesinglesignon-second-call-issue
----------------------------------------------------------------------

Hi,

I'm new to SAML and have to implement a ServiceProvider.

I extracted plenty of code from the exemples to initiate an SSO request but I came to a problem and was unable to figure it out on my own yet.
(it's could be something very basic since it's my first time implementing any SAML v2 service provider)

So, when I try to call SamlManager.ServiceProvider.InitiateSingleSignOn, the first time, it works : the client get redirected to the target site. But ... if I call it a second time, it seems to fail on a ... conversion error of some sort.

Here's my code :

        public bool TrySingleSignOn(HttpContext context, string providerName)
    {
    	SamlManager samlManager = _samlManagerService.Current;
    
    	if (TryGetPartner(samlManager, providerName, out _) == false)
    	{
    		return false;
    	}
    
    	AuhtnRequestSettings settings = new AuhtnRequestSettings();
    	
    	try
    	{
    		samlManager.ServiceProvider.InitiateSingleSignOn(context, null, providerName, settings, _consumerUrlService.GetConsumerUrl(context), null);
    	}
    	catch(Exception e)
    	{
    		throw new SamlAuthenticationException("InitiateSingleSignOn failed", e);
    	}
    
    	return true;
    }


And here's the exception :

Message : "Object of type 'System.String' cannot be converted to type 'c_bc'."
Stack trace :

       at System.RuntimeType.TryChangeType(Object value, Binder binder, CultureInfo culture, Boolean needsSpecialCast)
       at System.Reflection.RtFieldInfo.UnsafeSetValue(Object obj, Object value, BindingFlags invokeAttr, Binder binder, CultureInfo culture)
       at System.Runtime.Serialization.FormatterServices.SerializationSetValue(MemberInfo fi, Object target, Object value)
       at System.Runtime.Serialization.FormatterServices.PopulateObjectMembers(Object obj, MemberInfo[] members, Object[] data)
       at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObjectEnd(ParseRecord pr)
       at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
       at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
       at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
       at c_cy.Load[a](HttpContextBase )
       at ComponentPro.Saml2.EasySaml.SamlServiceProvider.c_82c4548b(HttpContextBase )
       at ComponentPro.Saml2.EasySaml.SamlServiceProvider.InitiateSingleSignOn(HttpContextBase httpContext, String relayState, String partnerIdP, AuhtnRequestSettings auhtnRequestSettings, String assertionConsumerServiceUrl, String singleSignOnServiceUrl)
       at MyLibrary.Authentication.Saml.Implementation.SamlService.TrySingleSignOn(HttpContext context, String providerName) in D:\Workspace\MyApp\MyLibrary.Authentication.Saml\Implementation\SamlService.cs:line 84

Could you please help ?

[Edit]

I'm testing with Firefox and apparently, the error is caused by something in the HttpContext : 

 - I open an "InPrivate" tab
 - First attempt, the redirection works
 - Rehit the redirect button
 - Throw the exception above

then

 - I open a regular tab
 - First attempt, the redirection works
 - Rehit the redirect button
 - Throw the exception above

Regards,

Michel

----------------------------------------------------------------------

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.

Back to ComponentPro Q&A Forum Index